ATT&CK
The ATT&CK tab of the Alarm Monitor page uses the MITRE ATT&CK framework to classify malicious Events. Alarms are reported in an Event timeline and sorted into separate lists by MITRE ATT&CK Tactics and Techniques.
Events that align with ATT&CK Tactics and Techniques are placed in a Plixer Scrutinizer category that represents the Tactic, Technique, and Sub-Technique. The ATT&CK view breaks those categories down further into individual Techniques and provides a visual representation of how those Techniques were observed over time.
In the ATT&CK view, the Tactics are listed horizontally along the top of the chart, with the Techniques listed vertically below the associated Tactic.
Event timeline actions
Mouseover - Shows the timestamps for the initial and most recent Events in the block, their severity, and the number of times the Event was observed during the timeframe
Click - Pulls out a quick-access tray containing links to the Policies and hosts associated with the Alarm as well as MITRE ATT&CK information (tactic, technique, and sub-technique) for the Event(s)
Event category list actions
Mouseover - Shows basic MITRE ATT&CK information (tactics, techniques, and sub-techniques) for the Event(s) as well as the number of times the Event was observed
Click - Filters all Alarm Monitor views to show only information for the selected Event block
Hint
Event blocks in both the timeline and the category lists are color-coded based on their severity.
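The grouping the ATT&CK view performs, as an added example that is not Plixer Scrutinizer code: alarm Events tagged with an ATT&CK tactic, technique, and sub-technique are aggregated per technique into the block data the timeline mouseover and quick-access tray expose (initial and most recent timestamp, highest severity, hit count, associated Policies and hosts), keyed so that tactics run across and techniques run down. The sample alarms, Policy names, and host addresses are constructed.

```python
"""Aggregate ATT&CK-tagged alarm Events into per-technique blocks: first/last
seen, highest severity (drives the block color), hit count, and the Policies
and hosts the quick-access tray links to. Constructed data, not product code."""
from datetime import datetime

# Severity rank: the highest severity observed in a block wins.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample alarms (hypothetical Policy names and hosts).
SAMPLE_EVENTS = [
    {"time": "2022-05-01T10:00:00", "tactic": "Discovery", "technique": "T1046",
     "sub_technique": None, "severity": "medium", "policy": "Port Scan", "host": "10.0.0.5"},
    {"time": "2022-05-01T10:07:00", "tactic": "Discovery", "technique": "T1046",
     "sub_technique": None, "severity": "high", "policy": "Port Scan", "host": "10.0.0.9"},
    {"time": "2022-05-01T09:58:00", "tactic": "Credential Access", "technique": "T1110",
     "sub_technique": "T1110.001", "severity": "low", "policy": "SSH Brute Force", "host": "10.0.0.5"},
    {"time": "2022-05-01T11:30:00", "tactic": "Credential Access", "technique": "T1110",
     "sub_technique": "T1110.003", "severity": "critical", "policy": "Password Spray", "host": "10.0.0.7"},
]

def build_matrix(events):
    """Return {tactic: {technique: block}}; block fields mirror the mouseover/tray data."""
    matrix = {}
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        block = matrix.setdefault(ev["tactic"], {}).get(ev["technique"])
        if block is None:
            block = {"first_seen": ts, "last_seen": ts, "severity": ev["severity"], "count": 0,
                     "sub_techniques": set(), "policies": set(), "hosts": set()}
            matrix[ev["tactic"]][ev["technique"]] = block
        block["count"] += 1
        block["first_seen"] = min(block["first_seen"], ts)   # initial observation
        block["last_seen"] = max(block["last_seen"], ts)     # most recent observation
        if SEVERITY_RANK[ev["severity"]] > SEVERITY_RANK[block["severity"]]:
            block["severity"] = ev["severity"]
        if ev["sub_technique"]:
            block["sub_techniques"].add(ev["sub_technique"])
        block["policies"].add(ev["policy"])
        block["hosts"].add(ev["host"])
    return matrix

def filter_events(events, tactic, technique):
    """Clicking a category block narrows the views to that block's Events."""
    return [ev for ev in events if ev["tactic"] == tactic and ev["technique"] == technique]
```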
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.